Nokia’s “nerd psychologist” helps Finnish data breach victims


News of last month’s massive data breach in Finland, in which thousands of psychotherapy patients in the country discovered that their confidential records had been hacked and they were now facing blackmail, sent shockwaves through the typically stoic Nordic nation.

But for Nokia UX designer Aapo Puskala it was a call to action.

As a trained psychologist, he could relate to the pain of the victims whose deepest secrets had been compromised. And as a tech-savvy programmer, who has honed his craft among Nokia software developers, he felt that he had the tools to do something about it.

He quickly set up a website in which some 40,000 patients who were potentially exposed could find out whether their personal information had been leaked. The response was overwhelming, with Puskala earning praise from the local media, which dubbed him the “nerd psychologist” for his initiative.

Although the website is unrelated to his day job, Puskala said the side project reflected Nokia’s values of using technology for good, particularly in this case when technology created the problem in the first place.

Even more significantly, the victims themselves were deeply appreciative, saying that the knowledge he provided offered a degree of comfort amid such unsettling circumstances. Even those confirmed to have been targeted thanked him, saying it was far more reassuring than knowing nothing at all.

“I really feel empowered when I can use my skills to help somebody who does not have these kinds of skills and needs help,” the 48-year-old Puskala said. “I was using technology to counter the negative effects of the crime. But technology was in a supporting role. The most important thing was the human aspect of understanding that this service was even needed.”

The sordid saga began two years ago, when an unknown hacker gained access to the classified records of Vastaamo, a private psychotherapy center that operates as a sub-contractor for Finland’s public health system. The data acquired included a variety of personal information and, most compromising, notes from therapy sessions that could include patients discussing depression, abuse and infidelity.

Initially the hacker tried to extort Vastaamo into keeping the information private. But last month, after the company repeatedly refused to pay up, the hacker carried out the threat and released some 300 files on the dark web. The hacker then began blackmailing individual people by demanding a random payment in Bitcoin to prevent their information from also being leaked.

The publication deeply disturbed a typically private and trusting Finnish nation, with President Sauli Niinisto calling the breach “relentlessly cruel.”

“We all have our inner personality that we want to protect. Now it has been violated,” he told Finnish public broadcaster YLE.

Puskala, a father of a 10-year-old daughter, said he could relate. Like others in Finland, he too feared the data breach could lead to suicides and other tragedies, but thus far none have been reported.

Despite a massive online manhunt, the perpetrator is still at large. Puskala said he was hopeful the case would be solved soon and there would be no more leaks. Despite pride in his role, he was disappointed that it was even necessary and that neither Vastaamo nor the authorities had stepped in sooner.

Over a single weekend, Puskala tracked down the relevant e-mail addresses on the dark web, encrypted them and then bought a domain and built the website. Users could then enter the original e-mail address they had used with Vastaamo and get an automated reply about whether it was among those leaked.
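A lookup like the one described above can run without the site ever holding the leaked addresses in readable form. The sketch below is an added example, not Puskala's code: the article says only that the addresses were "encrypted", so the keyed hash (HMAC-SHA-256), the function names and the sample addresses are assumptions.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample data: these addresses and this key are illustrative only.
SAMPLE_LEAK = ["Anna.Example@example.com ", "matti@example.org"]
SAMPLE_KEY = b"constructed-demo-key-keep-the-real-one-off-the-web-host"


def normalize_email(address: str) -> str:
    """Canonicalise an address so case and stray whitespace do not cause misses."""
    return unicodedata.normalize("NFKC", address).strip().casefold()


def digest_email(address: str, key: bytes) -> str:
    """Keyed digest of the normalised address.

    A plain hash of an e-mail address can be reversed by guessing common
    addresses; with HMAC, a copy of the index is useless without the key.
    """
    message = normalize_email(address).encode("utf-8")
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def build_index(leaked_addresses, key: bytes) -> frozenset:
    """Run once, offline: turn the leaked list into digests, then discard the list."""
    return frozenset(digest_email(a, key) for a in leaked_addresses)


def is_listed(address: str, index: frozenset, key: bytes) -> bool:
    """Answer a visitor's query using only the digests."""
    return digest_email(address, key) in index


if __name__ == "__main__":
    index = build_index(SAMPLE_LEAK, SAMPLE_KEY)
    for query in ("anna.example@EXAMPLE.com", "someone.else@example.net"):
        print(query, "->", "listed" if is_listed(query, index, SAMPLE_KEY) else "not listed")
```

Because the answer itself is sensitive here (it reveals who was a patient), a deployment would also want to throttle queries so the form cannot be used to test other people's addresses in bulk.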

He released the site on Oct. 25, posted about it on his Facebook page and it took off.

Puskala said the site he built required just basic coding, and “the tech was pretty simple.” But with thousands turning to him for help it became a major undertaking, and he personally responded with about 500 text messages over a three-day period.

He said his colleagues at Nokia headquarters in Espoo who work with him on designing a software package called Digital Operations Center had been very supportive. He particularly thanked his line manager Erno Kouvalainen for providing him the flexibility to pursue the mission.

“The most important thing is to understand human emotions. In Nokia’s context that means to develop things that help these needs and alleviate these concerns,” he said. “The tech itself is cool but when tech is combined with understanding needs and emotions that is what moves us forward.”